7195 matches found
CVE-2024-13790
CVE-2024-13790 affects the MinimogWP theme for WordPress (versions
VulnCheck KEV: CVE-2024-3806
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'portoajaxposts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...
CVE-2025-1771
The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...
CVE-2025-1771 Traveler <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post
The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...
CVE-2024-13913 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrect nonce validation in the '/migrate/templates/main.php' file. This makes it possible for...
Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection
Fortra FileCatalyst Workflow version 5.1.6 build 135 remote SQL injection exploit. Title: Fortra FileCatalyst Workflow v5.1.6 Build 135 PHP Code Injecti...
Backdrop CMS 1.27.1 Remote Command Execution
Backdrop CMS version 1.27.1 proof of concept remote command execution exploit for a vulnerability discovered in 2024. Title: Backdrop CMS 1.27.1 PHP COd...
D Tale 3.15.1 Remote Command Execution
D Tale version 3.15.1 proof of concept remote command execution exploit. Title: D Tale v3.15.1 PHP code execution vulnerability. Author: indoushka...
Webmin 1.580 Directory Traversal
Webmin version 1.580 proof of concept directory traversal exploit that leverages a vulnerability from 2012. Title: Webmin 1.580 Directory Traversal...
CVE-2025-1707 Review Schema <= 2.2.4 - Authenticated (Contributor+) Local File Inclusion via Post Meta
The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing...
CVE-2025-1707
CVE-2025-1707 applies to the WordPress plugin Review Schema (Versions up to and including 2.2.4). The vulnerability is Local File Inclusion via post meta, exploitable by authenticated attackers with contributor+ privileges to include and execute arbitrary PHP files on the server, potentially bypa...
ABB AC500v3 3.7.0.569 Symlink Attack
ABB AC500v3 version 3.7.0.569 proof of concept symlink attack exploit that leverages vulnerabilities previously discovered in 2024 by CyberDanube.
CVE-2024-13890
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access a...
Zabbix 6.0.32rc1 PHP Code Injection
Zabbix server version 6.0.32rc1 proof of concept remote code injection exploit. Title: Zabbix server v 6.0.32rc1 PHP Code Injection Vulnerability...
WordPress Allow PHP Execute plugin <= 1.0 - Authenticated (Editor+) PHP Code Injection vulnerability
Authenticated Editor+ PHP Code Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Allow PHP Execute versions <= 1.0...
CVE-2024-13890 Allow PHP Execute <= 1.0 - Authenticated (Editor+) PHP Code Injection
The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. This is due to allowing PHP code to be entered by all users for whom unfiltered HTML is allowed. This makes it possible for authenticated attackers, with Editor-level access a...
CVE-2024-13890
CVE-2024-13890 affects the WordPress plugin Allow PHP Execute (